ShurL0ckr Ransomware as a Service Peddled on Dark Web, can Reportedly Bypass Cloud Applications

Security researchers uncovered a new ransomware named ShurL0ckr that reportedly bypasses detection mechanisms of cloud platforms. Like Cerber and Satan, ShurL0ckr’s operators further monetize the ransomware by peddling it as a turnkey service to fellow cybercriminals, allowing them to earn additional income through a commission from each victim who pays the ransom.

The researchers’ analysis of ShurL0ckr indicates it can evade detection by cloud applications where it’s reported to proliferate. Like other ransomware, phishing and drive-by downloads are their likeliest infection vectors.

ShurL0ckr’s discovery was part of a larger problem: cybercriminals abusing legitimate platforms and services. The researchers noted that 44% of businesses using cloud applications were in some way affected by malware. In fact, they found at least three enterprise software-as-a-service (SaaS) applications infected with malware. The researchers also found malicious scripts and executables, as well as Trojanized Office documents and image files, to be the most commonly used entry point.

Indeed, ransomware isn’t going away any time soon. In fact, it’s projected to be a cybercriminal mainstay, along with digital extortion, as organizations increasingly incorporate emerging technologies to conduct business.

How exactly does RaaS figure into this? It lowers barriers to entry. Typically, a developer will write the malware, build its infrastructure, then make it accessible to others regardless of their technical knowhow. This business model continued to boom into 2017, as evidenced by the 2,502% growth in ransomware’s economy in the dark web. A lifetime license to WannaCry ransomware, for instance, was sold for just $50 in the Middle Eastern and North African underground two days after its outbreak in May last year.

Given ShurL0ckr’s nature, the ransomware can be customized — from the ransom demand and encryption capabilities to how it’s delivered, which makes defense in depth significant. Here are some best practices users and organizations can adopt to mitigate threats like ShurL0ckr:

Trend Micro’s Cloud App Security (CAS) can help enhance the security of Office 365 apps and other cloud services such as Google Drive by using cutting-edge sandbox malware analysis for ransomware and other advanced threats.

2017 MIDYEAR SECURITY ROUNDUP

2018 SECURITY PREDICTIONS

Today's increasingly interconnected environments pave the way for threats that will bank on systems' weaknesses for different forms of cybercrime. How can you prepare for the year ahead?View the 2018 Security Predictions